CVE-2021-45343 — NULL Pointer Dereference in Librecad

CWE-476 — NULL Pointer Dereference6 documents5 sources

Severity

5.5MEDIUMNVD

OSV7.8

EPSS

0.1%

top 68.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Librecad Debian Librecad Debian Linux +1 more

Timeline

PublishedJan 25

Latest updateMar 15

Description

In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/librecad< librecad 2.1.3-3 (bookworm)

▶Debianlibrecad/librecad< 2.1.3-1.3+deb11u1+3

▶Ubuntulibrecad/librecad< 2.1.3-1.2+deb10u1build0.20.04.1+2

▶NVDlibrecad/librecad2.2.0

Also affects: Debian Linux 10.0, 11.0, Fedora 34, 35

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

librecad vulnerabilities↗2023-03-15

▶

GHSA

GHSA-xcgm-pvwf-mjq7: In LibreCAD 2↗2022-02-15

▶

OSV

CVE-2021-45343: In LibreCAD 2↗2022-01-25

▶

📋Vendor Advisories

Ubuntu

LibreCAD vulnerabilities↗2023-03-15

▶

Debian

CVE-2021-45343: librecad - In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw ...↗2021

▶